Fr. 140.00
Richard E. Cascarino
Auditor's Guide to IT Auditing + Software Demo - 2nd edition
English · Hardback
Shipping usually within 3 to 5 weeks
Description
About the author
RICHARD E. CASCARINO, MBA, CIA, CISA, CISM, is a consultant and lecturer with over thirty years' experience in internal, forensic, risk, and computer auditing. He is Managing Director of Richard Cascarino & Associates, a successful audit training and consultancy company. For the last twenty-five years, they have been providing consultancy and professional development services to clients throughout the southern African region as well as Europe, the Middle East, and the United States. He is a past president of the Institute of Internal Auditors South Africa (IIA SA), was the founding Regional Director of the Southern African Region of the IIA Inc., and is a member of both the Information Systems Audit and Control Association and the Association of Certified Fraud Examiners.

Jacket text
Step-by-step guide to successful implementation and control of IT systems, including the Cloud

Many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Now in a Second Edition, Auditor's Guide to IT Auditing presents an easy, practical guide for auditors that can be applied to all computing environments.

* Follows the approach used by the Information System Audit and Control Association's model curriculum, making this book a practical approach to IS auditing
* Serves as an excellent study guide for those preparing for the CISA and CISM exams
* Includes discussion of risk evaluation methodologies, new regulations, SOX, privacy, banking, IT governance, CobiT, outsourcing, network management, and the Cloud

As networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organizations, information systems integrity becomes more important than ever. Auditor's Guide to IT Auditing, Second Edition empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls.
Summary
Step-by-step guide to successful implementation and control of IT systems including the Cloud. Many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected.

Table of contents
Preface xvii
Part I: IT Audit Process 1
Chapter 1: Technology and Audit 3
  Technology and Audit 4
  Batch and Online Systems 8
  Electronic Data Interchange 20
  Electronic Business 21
  Cloud Computing 22
Chapter 2: IT Audit Function Knowledge 25
  Information Technology Auditing 25
  What Is Management? 26
  Management Process 26
  Understanding the Organization's Business 27
  Establishing the Needs 27
  Identifying Key Activities 27
  Establish Performance Objectives 27
  Decide the Control Strategies 27
  Implement and Monitor the Controls 28
  Executive Management's Responsibility and Corporate Governance 28
  Audit Role 28
  Conceptual Foundation 29
  Professionalism within the IT Auditing Function 29
  Relationship of Internal IT Audit to the External Auditor 30
  Relationship of IT Audit to Other Company Audit Activities 30
  Audit Charter 30
  Charter Content 30
  Outsourcing the IT Audit Activity 31
  Regulation, Control, and Standards 31
Chapter 3: IT Risk and Fundamental Auditing Concepts 33
  Computer Risks and Exposures 33
  Effect of Risk 35
  Audit and Risk 36
  Audit Evidence 37
  Conducting an IT Risk-Assessment Process 38
  NIST SP 800 30 Framework 38
  ISO 27005 39
  The "Cascarino Cube" 39
  Reliability of Audit Evidence 44
  Audit Evidence Procedures 45
  Responsibilities for Fraud Detection and Prevention 46
  Notes 46
Chapter 4: Standards and Guidelines for IT...
List of contents
Preface xvii
PART I: IT AUDIT PROCESS 1
Chapter 1: Technology and Audit 3
Chapter 2: IT Audit Function Knowledge 25
Chapter 3: IT Risk and Fundamental Auditing Concepts 33
Chapter 4: Standards and Guidelines for IT Auditing 47
Chapter 5: Internal Controls Concepts Knowledge 57
Chapter 6: Risk Management of the IT Function 73
Chapter 7: Audit Planning Process 85
Chapter 8: Audit Management 93
Chapter 9: Audit Evidence Process 103
Chapter 10: Audit Reporting Follow-up 123
PART II: INFORMATION TECHNOLOGY GOVERNANCE 131
Chapter 11: Management 133
Chapter 12: Strategic Planning 147
Chapter 13: Management Issues 159
Chapter 14: Support Tools and Frameworks 169
Chapter 15: Governance Techniques 179
PART III: SYSTEMS AND INFRASTRUCTURE LIFECYCLE MANAGEMENT 185
Chapter 16: Information Systems Planning 187
Chapter 17: Information Management and Usage 199
Chapter 18: Development, Acquisition, and Maintenance of Information Systems 207
Chapter 19: Impact of Information Technology on the Business Processes and Solutions 215
Chapter 20: Software Development 221
Chapter 21: Audit and Control of Purchased Packages and Services 229
Chapter 22: Audit Role in Feasibility Studies and Conversions 237
Chapter 23: Audit and Development of Application Controls 243
PART IV: INFORMATION TECHNOLOGY SERVICE DELIVERY AND SUPPORT 253
Chapter 24: Technical Infrastructure 255
Chapter 25: Service-Center Management 265
PART V: PROTECTION OF INFORMATION ASSETS 271
Chapter 26: Information Assets Security Management 273
Chapter 27: Logical Information Technology Security 283
Chapter 28: Applied Information Technology Security 297
Chapter 29: Physical and Environmental Security 305
PART VI: BUSINESS CONTINUITY AND DISASTER RECOVERY 311
Chapter 30: Protection of the Information Technology Architecture and Assets: Disaster-Recovery Planning 313
Chapter 31: Displacement Control 323
PART VII: ADVANCED IT AUDITING 329
Chapter 32: Auditing E-commerce Systems 331
Chapter 33: Auditing UNIX/Linux 345
Chapter 34: Auditing Windows VISTA and Windows 7 355
Chapter 35: Foiling the System Hackers 361
Chapter 36: Preventing and Investigating Information Technology Fraud 367
Appendix A Ethics and Standards for the IS Auditor 377
Appendix B Audit Program for Application Systems Auditing 379
Appendix C Logical Access Control Audit Program 393
Appendix D Audit Program for Auditing UNIX/Linux Environments 401
Appendix E Audit Program for Auditing Windows VISTA and Windows 7 Environments 407
About the Author 415
About the Website 417
Index 419
Product details
| Authors | Richard E. Cascarino |
| Publisher | Wiley, John and Sons Ltd |
| Languages | English |
| Product format | Hardback |
| Released | 01.04.2012 |
| EAN | 9781118147610 |
| ISBN | 978-1-118-14761-0 |
| No. of pages | 464 |
| Dimensions | 185 mm x 262 mm x 35 mm |
| Series | Wiley Corporate F&A |
| Subjects | Social sciences, law, business > Business > Business administration; Accounting, Auditing, BUSINESS & ECONOMICS / Accounting / Managerial, Management and management techniques, Management accounting, bookkeeping and auditing |